So apparently a lot of accounts got stolen a few days ago. This is the clever and very technically demanding method the hackers used:
Step 1: “forgot password”…oh darn I can’t see the email with the password change link
Step 2: I wonder what happens if I try to change the email for this account. I bet there’s some sort of verification…oh what it just worked? No form of authentication required at all?
Step 3: huehuehuehuehue
The issue has been fixed by now but unfortunately I was one of the people who got dicked by arena net. The funny part is that everything would be fine if I didn’t pre purchase to, y’know, show support for the game. The best part is that they took the time to deal with exploiters first instead of fixing the fact that they essentially scammed thousands of people out of 60 bucks.
Anyone know how to get a refund if I bought a digital copy? Do I have to dispute charges with my cc company or something? It seems like the only way I’ll ever get to play this is if I get my money back and buy another copy.
How were hackers able to change emails before accessing someone’s account? Don’t you need to already be logged in before you can do that or did Anet have a change email form out in the open where you could enter any random email address and hope one of them happened to be a GW2 account?
Yes, I think the only way to get a refund is to talk to your CC company and get a chargeback.
If you bought the game from them directly, Anet probably knows which serials are connected to the CC number used to purchase it so they’ll probably deactivate the account which means the hijackers lose access as well in case they were planning to use it for botting or selling it. This part is just speculation however. Doubt it’ll happen.
Hackers got a list of emails and stuff from somewhere (possibly stolen from Blizzard or another mmo company)
They try to log into gw2 with every email. Some of them are used for gw2 accounts as well.
Since they don’t know the password and it takes too long to brute force a strong one, they click the forgot your password link.
Since they can’t get into the email they can’t actually change the PW. However the gw2 website had a link to change the email associated with the acct somewhere, so all the hackers had to do was change that to their own email and then change the PW.
Huehuehuehue indeed. I suppose you guys can thank a couple of now-unemployed programming interns and a bunch of chinamen for the current downtime.
I wish there was a number I could call…this would get resolved so fast over the phone.
Isn’t the usual protocol, whenever you want to change your email on any web account for that matter, to confirm the change by entering your password? That sounds like a huge oversight by Anet if all you had to do was enter a new email and that was it.
I did the email verification thing the first time I logged in, dunno how much security that adds but it does say it’ll email me if someone tries to login from another location.
Anet’s a much smaller company compared to Blizzard. I’m guessing their entire staff is only equal to WoW’s GM team. It might take a while before everything is fixed.
Honestly I feel bad for everyone, but if it wasn’t possible to change my email address associated with my account I wouldn’t be able to play gw2 and link it to my gw1, because my gw1 was using an email address I just don’t know the password to anymore.
I’m pretty sure it’s why they had it set up that way at first.
You’re always free to make a new account though. I’m probably going to have to if I do the chargeback/rebuy thing.
Changing the email address is Ok, the problem was not having any sort of verification like security questions, or having to provide some proof that you bought the game.
I like how they aren’t admitting that they fucked up, and seem to imply that it’s the customer’s fault for what happened, when really their only mistake was to use the same email for more than 1 game…(check the most recent state of the game).
Anyway I’ll stop bitching about this now. The internet seems to be doing a good job of piling on the hate anyway, just look at their Facebook lol.
Well, the only way one could have changed the email is to log in to your account. The forgot password link just sent a notification to your actual email with a reset link. Granted, there was no extra security to stop the email change; e.g. like a confirm or halt via your own email in case you were hacked.
Because if what you describe was the case, my account would have been long gone given the amount of spam I receive in said email.
I just wished they would stabilize and set up the trading post. I’m 56 closing in on 57 and I’m nowhere near close to having enough gold to buy Tier 2 cultural armor by the time that quickly arrives at 60. Even selling all my drops instead of salvaging is only generating little silver. How the hell anyone is going to save up over 119g to buy Tier 3 @ 80 I haven’t the foggiest. Armorsmithing is a slow gruelling process since it’s hard to get the key materials needed to make the insignias all the time to level the damn profession up so I can’t make AT level gear for myself since I’m still crafting level 30 gear.
ArenaNet - let me sell my excess mats… please!
@Ken34 - I faced Shatter yesterday. It’s quite easy to get the world events going to make that event happen. Just make sure you’re 50ish and you’re good to go.
Still kinda sucks that I’ll be way past level by the time funds are acquired. Even low levelling you gain a lot of EXP in this game so you’re constantly levelling even when trying to make money instead. At the moment I’m using the heart karma vendors for my upgrades since I’ve got karma by the bucketload.
Game is pretty fun. I’m on Dragonbrand, anyone else on that server?
Engineer is pretty cool throwing grenades (better than I thought they would be) and shooting flamethrowers everywhere but I think my Elementalist would be my main. Double Dagger Fire attunement has very crazy burst and swapping attunements around just to burn skills for cc is also great. I also love how ride the lightning goes so damn far that you can pretty much catch up any players you routed very easily and then hit them with a stun or knock up. I’ve been doing WvWvW pretty well with it and winning 1v1 when I get the chance to fight like that. The healing spells for elem aren’t too hot though, but the signet one with the passive is good for long fights that you kite. One problem is I don’t have a lot of health but I noticed even getting a little vit on a wep like +15 boosts up hp by 3k on eternal battlegrounds (only lvl 13).
So like in GW1… all the prestige armour you probably won’t get until you actually finish the game a few times / grind to get.
See: Primeval, Vabbian, Marhan’s, Elite Luxon/Kurzick. So called “15K” or “15 platinum” sets
However, for most of the prestige sets, you have affordable Tier 1s which are just as good stat-wise… isn’t anything new.
I wouldn’t want to buy any upper tier armour until it’s level 80 because usually it’s a waste of money… even if you don’t look spanking gorgeous.
You could always transmutate though.
Yea I faced him, really didn’t do much lol, everyone else did the work. I did a lot better against the undead dragon. But the ice dragon…omg that bitch is hard as fuck. I hit 80 a couple days ago, but I left that area, trying to farm in ruins of orr, looking for karma merchants lol.
Have they fixed the Ascalonian Catacombs bug yet? Couldn’t enter before with a party when I tried it. And for those who have done it, how often should I expect to die and lose in repair costs?
Read the reddit post again. Still je ne comprends pas. The only way his account could have changed is the hacker getting into his account and changing the email. Which would require knowing or spoofing his password.
Just seems like his email was spoofed and there was a hacker intent on getting in via brute force. The user does not say anything about a ‘new password’ - possibly this was taken from a forum or other MMO he was a part of. Anyhow, I would have changed the email to something else because the signs point to that- hence stopping the hacker because he’s not going to know your other email account… right?
A stupid thing was that Anet did not lock you out of an account if you got the password wrong on login x infinity, so brute force is highly possible if your email account is already known to be associated with an account.
The guy got his account restored in the end, albeit with venting… I’d do it too if I were him.
If it were this easy, like I said… my account would be gone too. My email associated with the account is widely known and from hotmail… so it’s out on the interwebs anyhow. I’ve not had any attempts to commandeer it.
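The controls this thread says were missing (password confirmation before an email change, a confirmation sent to the address already on file, and a lockout after repeated wrong passwords), sketched as an added example that is not from any poster or from ArenaNet's code. The `Account` class, function names, thresholds and `example.test` addresses are all assumptions.

```python
import hashlib, hmac, secrets, time

MAX_FAILURES = 5        # assumed policy: wrong passwords allowed before lockout
LOCKOUT_SECONDS = 900   # assumed policy: how long the lockout lasts
TOKEN_TTL = 3600        # assumed policy: lifetime of a confirmation token

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, email, password):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.failures, self.locked_until = 0, 0.0
        self.pending = None   # (sha256(token), new_email, expiry)
        self.outbox = []      # stand-in for mail sent to the address on file

def check_password(acct, password, now=None):
    now = time.time() if now is None else now
    if now < acct.locked_until:
        return False          # locked: refuse even a correct password
    if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failures = 0
        return True
    acct.failures += 1
    if acct.failures >= MAX_FAILURES:   # stops unlimited guessing
        acct.locked_until, acct.failures = now + LOCKOUT_SECONDS, 0
    return False

def request_email_change(acct, password, new_email, now=None):
    now = time.time() if now is None else now
    if not check_password(acct, password, now):   # re-authenticate first
        return False
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    acct.pending = (digest, new_email, now + TOKEN_TTL)
    acct.outbox.append((acct.email, token))  # goes to the OLD address, not the new one
    return True

def confirm_email_change(acct, token, now=None):
    now = time.time() if now is None else now
    if acct.pending is None:
        return False
    digest, new_email, expiry = acct.pending
    given = hashlib.sha256(token.encode()).digest()
    if now > expiry or not hmac.compare_digest(given, digest):
        return False
    acct.email, acct.pending = new_email, None   # only now does the address change
    return True
```

With this flow, someone who knows only the email address can neither change it nor guess the password indefinitely, and the owner of the current mailbox sees every change request.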
i heard AC is still bugged but AC is a waste of time anywho
it’s about 70 copper per death to repair your gear at lv80. you will spend more on map travel than you will on repairs.
dungeon rewards should outweigh repair costs even when your group isn’t that good
it will probably be easier to make money once I can actually sell all these crafting materials I don’t use
yea man, just in the little spurts that the auction house was up I’ve made around 10g, if it was actually up constantly I think I would be rich right now. I pretty much found a recipe that sells really well and only cost me like 2 silver to make. I’m hoping no one else figures it out in all this time, if someone else does, it will suck.